sirpedrotavares

6 exploits Active since Mar 2021
CVE-2021-26857 NOMISEC HIGH WORKING POC
Microsoft Exchange Server - Insecure Deserialization
Microsoft Exchange Server Remote Code Execution Vulnerability
112 stars
CVSS 7.8
CVE-2021-37391 EXPLOITDB MEDIUM text WRITEUP
Chamilo Lms < 1.11.14 - XSS
A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature.
CVSS 5.4
CVE-2021-31642 EXPLOITDB MEDIUM text WORKING POC
Chiyu-tech Semac S2 Firmware - Integer Overflow
A denial of service condition exists after an integer overflow in several IoT devices from CHIYU Technology, including BIOSENSE, Webpass, and BF-630, BF-631, and SEMAC. The vulnerability can be explored by sending an unexpected integer (> 32 bits) on the page parameter that will crash the web portal and making it unavailable until a reboot of the device.
CVSS 6.5
CVE-2021-31251 EXPLOITDB CRITICAL python WORKING POC
Chiyu-tech Bf-430 Firmware - Authentication Bypass
An authentication bypass in telnet server in BF-430 and BF431 232/422 TCP/IP Converter, BF-450M and SEMAC from CHIYU Technology Inc allows obtaining a privileged connection with the target device by supplying a specially malformed request and an attacker may force the remote telnet server to believe that the user has already authenticated.
CVSS 9.8
EIP-2026-100774 EXPLOITDB text WORKING POC
CHIYU IoT devices - 'Multiple' Cross-Site Scripting (XSS)
EIP-2026-100775 EXPLOITDB text WORKING POC
CHIYU TCP/IP Converter devices - CRLF injection